XSS game: Level 1

Mission Description

This level demonstrates a common cause of cross-site scripting where user input is directly included in the page without proper escaping.

Interact with the vulnerable application window below and find a way to make it execute JavaScript of your choosing. You can take actions inside the vulnerable window or directly edit its URL bar.

Mission Objective

Inject a script to pop up a JavaScript alert() in the frame below.

Once you show the alert you will be able to advance to the next level.

Advance to next level >>

Your Target

1. To see the source of the application you can right-click on the frame and choose View Frame Source from the context menu or use your browser's developer tools to inspect network traffic.
2. What happens when you enter a presentational tag such as <h1>?
3. Alright, one last hint: <script> ... alert ...

[1/6] Level 1: Hello, world of XSS

Mission Description

Mission Objective

Your Target

Target code (toggle)

Hints 0/3 (show)